Hiya,
we run several hundred websites on one specifc server running Apache and PHP as CGI (CentOS 5.1).
I know we could run it is modul etc., but it would be a long story why we do it that way
We do have a small problem.
Apache itself runs as user nobody and group www
So each website runs under that specific user (for example user1 : www) and the v-host file uses user1 : user1 as SuExec group ..
Can you follow me ? I have a hard time to explain lol ..
Lets assume you can follow me ...
SuExec would obviously never work as the group itself is always different when ie a file is being created through a PHP script etc.
In order to make it work, the suexec.c has been modified and the attached lines were removed for now (and compiled with it):
Code:
/*
* Error out if the target name/group is different from
* the name/group of the cwd or the program.
*/
if ((uid != dir_info.st_uid) ||
(gid != dir_info.st_gid) ||
(uid != prg_info.st_uid) ||
(gid != prg_info.st_gid)) {
log_err("target uid/gid (%ld/%ld) mismatch "
"with directory (%ld/%ld) or program (%ld/%ld)\n",
uid, gid,
dir_info.st_uid, dir_info.st_gid,
prg_info.st_uid, prg_info.st_gid);
exit(120);
}
We have now tried to modfy those lines in order to have only the uid checked but the gid ignored .. we haven't managed to do so (just removing the gid lines doesn't work)
Does someone has a brilliant idea (apart of the obvious : removing suexec etc.)